Commit graph

1320 commits

Author SHA1 Message Date
Richard Levitte
343a7467c2 If all versions of a proto are disabled, disabled the proto as well
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)
2017-02-17 21:28:41 +01:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Rich Salz
7730533866 Add -Wno-parentheses-equality to dev-warnings.
Also fix a block comment formatting glitch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2327)
2017-01-31 16:35:11 -05:00
Matt Caswell
3cf96e88b7 Fix compilation with no-ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Kurt Roeckx
7cb58c0ffa Also set the CXXFLAG to the user supplied flags
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #2025
2016-12-05 21:12:07 +01:00
Kurt Roeckx
0282aeb690 Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a85d05fb3 Use 8bit-counters when using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Andy Polyakov
5ae5dc9661 INSTALL: clarify 386 and no-sse2 options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-25 17:34:28 +01:00
Richard Levitte
7b176a549e Only build the body of e_padlock when there are lower level routines
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present.  However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.

The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)
2016-11-15 15:14:15 +01:00
Richard Levitte
93880ce133 Make it possible to disable building and running tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1514)
2016-11-15 15:00:56 +01:00
Richard Levitte
b612799a80 Revert "Remove heartbeats completely"
Done too soon, this is for future OpenSSL 1.2.0

This reverts commit 6c62f9e163.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15 14:53:33 +01:00
Richard Levitte
6c62f9e163 Remove heartbeats completely
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-15 10:45:21 +01:00
Richard Levitte
186a31e510 Building: make it possible to force linking with static OpenSSL libs
Very simply, support having the .a extension to denote depending on
static libraries.  Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
2016-11-10 15:51:42 +01:00
Matt Caswell
ce2596d404 Control building of ossl_shim through Configure
Don't build ossl_shim by default. Switch it on through
enable-external-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
cfa7697986 Integrate ossl_shim into the build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
ab6e147c49 Allow indented comments in build.info
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Matt Caswell
84a6833658 Update Configure to know about tls1_3
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Rich Salz
42e22c7c4f Revert "Disable MDC2 by default."
This reverts commit ca1574cec2.
Not suitabled for a minor release as it breaks the ABI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-01 10:43:05 -04:00
Rich Salz
ca1574cec2 Disable MDC2 by default.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-31 15:06:06 -04:00
Richard Levitte
83bd048e9d Fix C++ support: set $target{cxx} correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-14 17:52:22 +02:00
Vitezslav Cizek
35a498e431 Configure: remove superfluous 0x
The number is taken from the OPENSSL_VERSION_NUMBER which is already
in the hex form.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1706)
2016-10-13 15:36:03 -04:00
Richard Levitte
fad599f7f1 Remove automatic RPATH - add user rpath support
Make Configure recognise -rpath and -R to support user added rpaths
for OSF1 and Solaris.  For convenience, add a variable LIBRPATH in the
Unix Makefile, which the users can use as follows:

    ./config [options] -Wl,-rpath,\$(LIBRPATH)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-13 02:21:51 +02:00
Richard Levitte
ea24195850 Add support for C++ in Configure
A note: this will form object file names by changing '.cc' to
'_cc.o'.  This will permit other configuration code to recognise these
object files were built for C++ rather than C.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-12 16:37:54 +02:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Richard Levitte
66fe388aa4 Have the configuration options 'no-err' and 'no-async' work again
In an earlier attempt to simplify the processing of disabled options,
'no-err' and 'no-async' stopped working properly.  'err' and 'async'
are directories under 'crypto/', but they are special insofar that
they can't be simply skipped, like all the algorithm directories can,
so they need special treatment among the disablable things.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-17 21:57:29 +02:00
Richard Levitte
1967a42eb5 Rearrange the storage of build file template names in %config
They are now relative paths as well

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
ee9b0bbb4c Register the name of the config file each config target was found in
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Andy Polyakov
35c11bfc69 Configure: detect gcc's dependency generation capability more accurately.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 14:03:36 +02:00
Andy Polyakov
758baa3dc2 Configure: impose ^X on whole build procedure.
Traditionally Configure passed $ENV{PERL} to Makefile. But this
resulted in ambiguilty as Configure script could be executed by
interpreter different from one executing remaining scripts. Since
we separate compile- and run-time interpreters with HASHBANGPERL
variable, there is no reason to segment the build procedure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:22:28 +02:00
Rich Salz
141d7325e7 Trim config output
With extensive help and feedback from Richard and Andy.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-09 10:07:11 -04:00
Richard Levitte
342a1a2379 Allow asan, msan and ubsan to be configured with shared libraries
The background story is that util/shlib_wrap.sh was setting LD_PRELOAD
or similar platform dependent variables, just in case the shared
libraries were built with -rpath.  Unfortunately, this doesn't work
too well with asan, msan or ubsan.

So, the solution is to forbid the combination of shared libraries,
-rpath and any of the sanity analyzers we can configure.

This changes util/shlib_wrap.sh so it only contains the code that sets
LD_PRELOAD when -rpath has been used when configuring.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 21:53:45 +02:00
Richard Levitte
3e2dd30d66 Configure: Reorganise the checking of disabled options
The way we figured out what options are crypto algorithms and what are
something other was somewhat sketchy.  This change bases the
distinction on available sdirs instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 17:27:33 +02:00
Andy Polyakov
047d97afd9 Configure: clarify and refine -static.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-03 10:27:32 +02:00
Richard Levitte
a5e1f1230e Revert "Make it possible to disable fuzz testing"
This reverts commit eb40eaed72.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-01 20:58:40 +02:00
Richard Levitte
d63c12c697 Have Configure's HASH or TABLE produce complete lists
Because some targets execute perl code that might die, we risk
incomplete lists.  Make it so dying doesn't happen when we're listing
targets.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-31 19:47:35 +02:00
Richard Levitte
0c0d78b88d Configure's print_table_entry printed incorrect information
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-31 19:47:08 +02:00
Richard Levitte
eb40eaed72 Make it possible to disable fuzz testing
These tests take a very long time on some platforms, and arent't
always strictly necessary.  This makes it possible to turn them
off.  The necessary binaries are still built, though, in case
someone still wants to do a manual run.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-31 17:43:51 +02:00
Richard Levitte
f879d5ff38 The Perl interpreter might be in a path with spaces, so maybe quote it
Note: some shells do not like the command verb to be quoted, so we avoid
it unless it's actually necessary.

RT#4665

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-31 16:43:26 +02:00
Richard Levitte
ee4cdb7fdb Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
79822c3cd5 Configure: Redo the logic for finding build file templates
Build file templates would be looked up like this if the user gave us
an additional directory to look for configuration files and build file
templates:

    $OPENSSL_LOCAL_CONFIG_DIR/$OSTYPE-Makefile.tmpl
    $SOURCEDIR/Configurations/$OSTYPE-Makefile.tmpl
    $OPENSSL_LOCAL_CONFIG_DIR/Makefile.tmpl
    $SOURCEDIR/Configurations/Makefile.tmpl

So for example, if the user created his own Makefile.tmpl and tried to
use it with a unixly config, it would never be user because we have a
unix-Makefile.tmpl in our Configurations directory.  This is clearly
wrong, and this change makes it look in this order instead:

    $OPENSSL_LOCAL_CONFIG_DIR/$OSTYPE-Makefile.tmpl
    $OPENSSL_LOCAL_CONFIG_DIR/Makefile.tmpl
    $SOURCEDIR/Configurations/$OSTYPE-Makefile.tmpl
    $SOURCEDIR/Configurations/Makefile.tmpl

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
acc63c7d6d Configure: clean away temporary section of code
We've done away with Makefile as source of information and now use
configdata.pm exclusively.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
8b5156d188 Make it possible for the user to specify a different default build file
Make sure the information is kept for reconfiguration too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
216e8d9103 Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-26 12:41:07 +02:00
Richard Levitte
a66234bc86 Configure: Properly cache the configured compiler command
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 16:12:42 +02:00
Benjamin Kaduk
a9c27fe19f Sort %disabled in Configure
@disablables is sorted, but these were just added at the end of
%disabled in commits c2e27310 and 22e3dcb7.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 10:51:21 +01:00
Andy Polyakov
9d46752dfe Configure: recognize -static as link option and disable incompatible options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:45:51 +02:00
Richard Levitte
25d498c176 The capi engine uses stdio, so don't build it when configuring 'no-stdio'
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:18:15 +02:00
Emilia Kasper
29df3061b3 Add memory sanitizer config, and run on travis.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-28 21:43:27 +02:00
Richard Levitte
7f5af79728 build.info: implement PROGRAM_NO_INST, and dito for ENGINES, SCRIPTS, LIBS
PROGRAM_NO_INST, ENGINES_NO_INST, SCRIPTS_NO_INST and LIBS_NO_INST are
to be used to specify program, engines, scripts and libraries that are
not to be installed in the system.  Fuzzers, test programs, that sort
of things are of the _NO_INST type, for example.

For the benefit of build file templates and other templates that use
data from configdata.pm, a new hash table $unified_info{install} is
created.  It contains a set of subhashes, one for each type of
installable, each having an array of file names as values.  For
example, it can look like this:

    "install" =>
        {
            "engines" =>
                [
                    "engines/afalg/afalg",
                    "engines/capi",
                    "engines/dasync",
                    "engines/padlock",
                ],
            "libraries" =>
                [
                    "libcrypto",
                    "libssl",
                ],
            "programs" =>
                [
                    "apps/openssl",
                ],
            "scripts" =>
                [
                    "apps/CA.pl",
                    "apps/tsget",
                    "tools/c_rehash",
                ],
        },

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 20:49:54 +02:00
Richard Levitte
878f42251b Make fuzzer and fuzz tester builds less magic
Instead of having fuzz/build.info.fuzz magically and conditionally
included along with the other build.info files, incorporate it in
fuzz/build.info and add the conditions there instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 19:37:50 +02:00
Richard Levitte
d513369bfa perl: Separate compile-time environment from runtime environment
Make it possible to have a separate and different perl command string
for installable scripts than we use when building, with the
environment variable HASHBANGPERL.  Its value default to the same as
the environment PERL if it's defined, otherwise '/usr/bin/env perl'.

Note: this is only relevant for Unix-like environments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-04 15:40:31 +02:00
Richard Levitte
4748f89022 Make build.info INCLUDE stmts be both source and build tree relative
INCLUDE statements in build.info files were source tree centric.  That
meant that to get include directory specs in the build tree, we had to
resort to perl fragments that specified the build tree include paths
as absolute ones.

This change has the INCLUDE statement consider both the source and
build tree for any include directory.  It means that there may be some
extra unnecessary include paths, but it also makes life simpler for
anyone who makes changes in the build.info files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 18:34:21 +02:00
Ben Laurie
90d28f0519 Run the fuzzing corpora as tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 13:45:45 +01:00
FdaSilvaYY
f430ba31ac Spelling... and more spelling
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)
2016-06-22 00:26:10 +02:00
Petr Vaněk
28bd8e945f Fix typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1241)
2016-06-21 14:40:06 -04:00
Matt Caswell
2b1343b914 no-ripemd is an alias for no-rmd160
mkdef.pl was failing to understand no-ripemd. This is a deprecated option
which should act as an alias for no-rmd160.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 20:05:37 +01:00
Richard Levitte
27ffb86c20 Move the Configure generated header files to the top build.info
This turns these headers into build file generated ones.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:11:38 +02:00
Richard Levitte
4f858293a9 Configure: Make it possible to generate mandatory header files
'DEPEND[]=file.h' becomes a special way to say that 'file.h' must be
generated before anything else is built.  It's likely that a number
of source files depend on these header files, this provides a simple
way to make sure they are always generated even it the dependency data
hasn't been added to the build file yet.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:11:38 +02:00
Richard Levitte
65cc6d5c0a Configure: complete the changed fuzz option checks
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-05 21:38:59 +02:00
Richard Levitte
a9936b5a12 Clean away the last unixmake vestiges
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 23:21:43 +02:00
Kurt Roeckx
f59d0131cb Add support for fuzzing with AFL
Reviewed-by: Ben Laurie <ben@links.org>

MR: #2740
2016-06-04 14:39:24 +02:00
Rich Salz
44c8a5e2b9 Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Richard Levitte
23049aa52e perl: use the 'if' module to conditionally load File::Glob
Trying to use normal perl conditions to conditionally 'use' a perl
module didn't quite work.  Using the 'if' module to do so does work.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-30 11:55:46 +02:00
Andy Polyakov
9785555616 Configure,test/recipes: "pin" glob to File::Glob::glob.
As it turns out default glob's behaviour for quoted argument varies
from version to version, making it impossible to Configure or run
tests in some cases. The reason for quoting globs was to accommodate
source path with spaces in its name, which was treated by default glob
as multiple paths. File::Glob::glob on the other hand doesn't consider
spaces as delimiters and therefore works with unquoted patterns.

[Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work
on VMS, hence the "pinning" is conditional.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:35 +02:00
Richard Levitte
a3a08f8125 Configure: handle spaces in source directory spec
RT#4486

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 17:41:32 +02:00
Andy Polyakov
656bbdc68c Configure: pull 'which' back.
At earlier point 'which' was replaced with IPC::Cmd::can_run call.
Unfortunately on RPM-based systems it is a separate package and it's
not given that it's installed. Resurrected 'which' provides
poor-man fallback for IPC::Cmd::can_run.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 23:50:40 +02:00
Richard Levitte
223516eadc Don't clean away headers generated by Configure
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-25 21:18:57 +02:00
Richard Levitte
4639c68b97 Make sure crypto-mdebug-backtrace must be enabled explicitely
As it was until now, crypto-mdebug-backtrace was enabled by default
and only disabled if crypto-mdebug was disabled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-25 15:42:15 +02:00
Richard Levitte
ce9598124e Configure: To allow file names with spaces, tokenize with respect for quotes
For parsing build.info files.

RT#4492

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-25 11:50:23 +02:00
Richard Levitte
05a7aee0e2 Communicate Configure generated header files to build files
Add Configure generated header files to $unified_info{generate}.  This
makes sure the build files will pick them up with the rest for the
GENERATED macro, and thereby make sure they get cleaned away by 'make
clean'

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-25 00:46:00 +02:00
Todd Short
050a36a9a1 Add buf-freelists to deprecated options
The buf-freelists option was removed in master. There may be some
things that try to disable it, so don't error out.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 20:07:41 +01:00
Richard Levitte
8f41ff2d53 Add support for RC / WINDRES env variables
RT#2558

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16 18:03:40 +02:00
Andy Polyakov
6646f69f31 Configure: replace which() with IPC::Cmd::can_run.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 20:22:39 +02:00
Andy Polyakov
f58a0acb79 Configure: adhere to $(CROSS_COMPILE)ranlib.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 09:15:10 +02:00
Andy Polyakov
c145d19771 Configure: make it work with Perl 5.10.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 09:13:05 +02:00
Ben Laurie
c38bb72797 Add fuzzing!
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-07 18:13:54 +01:00
Richard Levitte
38add2300f Add the possibility for local build file templates
Use the environment variable OPENSSL_LOCAL_CONFIG_DIR to find build
file templates as well.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-02 20:19:41 +02:00
Richard Levitte
b5293d4c8d Add the possibility to have an extra local OpenSSL configs directory
The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate
that there's a local directory with extra configuration files.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-02 20:19:41 +02:00
FdaSilvaYY
8483a003bf various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
2016-04-28 14:22:26 -04:00
Benjamin Kaduk
42a9f38613 Remove the never-functional no-sct
It was added as part of 2df84dd329
but has never actually been used for anything; presumably it was
a typo for one of SCTP or CT.

This removes the last '??' entry from INSTALL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-26 08:32:10 -04:00
Richard Levitte
8d34daf0ce Build system: add include directories and dependencies for generators
In the case of generating a file like this:

    GENERATE[foo.S]=mkfoo.pl arg1 arg2

the 'mkfoo.pl' generator itself might need to include other files,
such as perl modules within our source tree.  We can reuse already
existing syntax for it, like this:

    INCLUDE[mkfoo.pl]=module/path

or:

    DEPEND[mkfoo.pl]=modules/mymodule.pm

This change implements the support for such constructs, and for the
DEPEND statement, for any value that indicates a perl module (.pm
file), it will automatically infer an INCLUDE statement for its
directory, just like it does for C header files, so you won't have do
write this:

    DEPEND[mkfoo.pl]=modules/mymodule.pm
    INCLUDE[mkfoo.pl]=modules

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 18:06:06 +02:00
Richard Levitte
ddc606c914 Warn when doing an out-of-source build and finding in-source build artifacts
The reason to warn is that configuration *may* pick up on
configuration header files that are in the source tree, that might be
for a wildly different configuration than what is expected in the
current out-of-source configuration.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-22 18:20:47 +02:00
Rich Salz
ac3d0e1377 Copyright consolidation; .pm and Configure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:40:05 -04:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Matt Caswell
505f74ca34 Cascade no-dgram from no-sock in Configure not e_os.h
e_os.h was defining OPENSSL_NO_DGRAM if OPENSSL_NO_SOCK was defined.
This causes link problems on Windows because the generated .def files
still contain the DGRAM symbols even though they have not been compiled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
ce942199db Make "shared" builds the default
In most cases we expect that people will be using shared libraries not
static ones, therefore we make that the default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 22:23:12 +01:00
Matt Caswell
d90a6beb0e Fix no-stdio and no-autoalginit
no-stdio does not work with the apps. Since the tests also need the apps
it doesn't support that either. Therefore we disable building of both.

no-autoalginit is not compatible with the apps because it requires explicit
loading of the algorithms, and the apps don't do that. Therefore we disable
building the apps for this option. Similarly the tests depend on the apps
so we also disable the tests. Finally the whole point about no-autoalginit
is to avoid excessive executable sizes when doing static linking. Therefore
we disable "shared" if this option is selected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 16:41:03 +01:00
Matt Caswell
7ec8de16fe Remove no-aes, no-rsa, no-sha, no-md5 and no-hmac
These algorithms are fundamental and extensively used. The "no-" options
do not work either in 1.1.0 or in other released branches. Therefore the
ability to disable them should be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Richard Levitte
da430a5555 Fix the handling of --with-zlib-include
The handling was Unix centric, already in Configure.  Change that to
just collect the value and let the build file templates figure out
what to do with it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 11:36:46 +02:00
Andy Polyakov
463a7b8cb0 Clean-up *_DEBUG options.
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 21:18:00 +02:00
Richard Levitte
2110febb11 Perl cleanup: don't create lists unnecessarily
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 15:21:27 +02:00
Andy Polyakov
ad7c9c9faf Configure: add BLAKE_DEBUG to --strict-warnings set.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 12:29:02 +02:00
Rich Salz
e771eea6d8 Revert "various spelling fixes"
This reverts commit 620d540bd4.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 16:11:43 -04:00
FdaSilvaYY
620d540bd4 various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 15:06:32 -04:00
Richard Levitte
488e2b0f5a Add the C macro NDEBUG when configuring for release
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-01 22:48:12 +02:00
Richard Levitte
5902821d81 Make the use of perl more consistent
- In Configure, register the perl interpreter used to run Configure,
  so that's the one being used throughout instead of something else
  that Configure happens to find.  This is helpful for using a perl
  version that's not necessarely first in $PATH:

    /opt/perl/5.22.1/bin/perl ./Configure

- Make apps/tsget a generated file, just like apps/CA.pl, so the
  perl interpreter registered by Configure becomes the hashbang path
  instead of a hardcoded /usr/bin/perl

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-01 07:24:04 +02:00
Ben Laurie
686c86a430 More things that don't work together.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 12:14:56 +01:00
Richard Levitte
2a08d1a05d Make it possible to specify source files that will only be used for shared libs
There are rare cases when an object file will only be used when
building a shared library.  To enable this, we introduce
SHARED_SOURCE:

    SHARED_SOURCE[libfoo]=dllmain.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-30 11:22:15 +02:00
Kurt Roeckx
c5c7700c9a When using no-dtls create OPENSSL_NO_DTLS
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-28 01:12:43 +02:00
Ben Laurie
b8ce6dda36 Fix enable-zlib no-comp.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:38 +00:00
Ben Laurie
3fd4d211ae sctp requires dgram.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:14:28 +00:00
Matt Caswell
168c3b737e Fix no-gost
Configure had the wrong name for the no-gost option.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:28:40 +00:00
Matt Caswell
dc110177de Remove the no-rijndael option
Rijndael is an old name for AES.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-21 14:40:05 +00:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Richard Levitte
0ef1ce49ee Remove generation of ms/version32.rc from Configure, use util/mkrc.pl
utils/mkrc.pl was added a while ago as a better generator for the
Windows DLL resource file.  Finalize the change by removing the
ms/version32.rc generator from Configure and adding resource file
support using mkrc.pl in Configurations/windows-makefile.pl

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:00:21 +01:00
Richard Levitte
3850f8cb15 Make apps/progs.pl more flexible
Make Configure write @disablables to configdata.pm and have
apps/progs.pl use that data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:49:31 +01:00
Richard Levitte
d4037cea3c Correct the export list when writing configdata.pm
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:31:48 +01:00
Richard Levitte
da1f2104c7 Correct the check of files to depend on against known generated ones
The check was erroneously inversed

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:29:01 +01:00
Richard Levitte
1f2e1cd5e8 Make picker, thread and combine standard config helper functions
Document them as well

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-17 22:46:14 +01:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Richard Levitte
014267f68c Disallow --classic for Windows
With all the config changes, mk1mf is broken on Windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-17 21:35:31 +01:00
Richard Levitte
2b6b606c7b Added build.info debugging capability to Configure
This is only enabled when the environment variable
CONFIGURE_DEBUG_BUILDINFO is defined.  This will cause every line in
every build.info file to be displayed, along with the content of the
skip stack before and after parsing.  This can be a very powerful tool
to see that all conditions are working as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-17 19:08:16 +01:00
Matt Caswell
68dc37c126 Disable AFALG when cross-compiling
We don't currently support cross-compiling of the afalg engine. However
we were failing to explicitly mark it as disabled during Configure leading
to a failed build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-16 10:08:53 +00:00
Richard Levitte
3e19b07f14 static-engine is no longer an internal keyword, remove it from %disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-15 14:05:35 +01:00
Emilia Kasper
c91a0a8343 Disable afalg when engine is disabled.
Also make it possible to disable afalg separately.

we still need to update config again

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 17:03:53 +01:00
Richard Levitte
9f519addc0 Enforce the demand for Perl 5.10.0 as a minimum.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Richard Levitte
01d9997659 Fix a few Configure errors
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Andy Polyakov
d0db7ee0b1 Configure: remove dependency on 'head'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:26:55 +01:00
Richard Levitte
0069806128 Don't build dynamic engines unless configured "shared"
Experience has shown that dynamic engines with their own copy of
libcrypto is problematic, so we disable that possibility.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-11 12:58:15 +01:00
Richard Levitte
39affe19dc Configure - don't trust $1 to stick around, save its value away
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-10 20:13:01 +01:00
Richard Levitte
c5798e0eb5 Correct slight logic error in processing IF in build.info
This corrects a fault where the inner IF in this example was still
being acted upon:

  IF[0]
    ...whatever...
    IF[1]
      ...whatever more...
    ENDIF
  ENDIF

With this change, the inner IF is skipped over.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 23:58:44 +01:00
Richard Levitte
c471884996 Comment away the extra checks in Configure
The "extra checks" is a debugging tool to check the config resolving
mechanism.  It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.

So, it gets commented away, but stays otherwise in place, as it may be
useful again.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:59:14 +01:00
Richard Levitte
635bd409b3 In build.info, an IF within a clause that's skipped over shouldn't apply
If we find an IF within a clause that's skipped over, set it to be
skipped as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 14:53:30 +01:00
Matt Caswell
2e52e7df51 Remove the old threading API
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Richard Levitte
79fff39d71 Don't check the conditions to build e_afalg if configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:51:07 +01:00
Richard Levitte
63ee7129f1 Have Configure display the value of SHARED_CFLAG
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Richard Levitte
30752dd7df Check gcc version to see if it supports -MM and friends
According to manuals found here: https://gcc.gnu.org/onlinedocs/, GNU
C version 3 and on support the dependency generation options.  We
therefore need to check the gcc version to see if we're going to use
it or makedepend for dependency generation.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:09:30 +01:00
Richard Levitte
09aa263a14 Add the configure option 'no-makedepend'
If no makedepend program or equaly capable compiler is present,
'makedepend' gets disabled automatically.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 01:57:52 +01:00
Richard Levitte
dc3365f729 Add the Configure option --classic, to fall back on classic build schemes
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-08 10:48:25 +01:00
Richard Levitte
39b25ee244 Revert "unified build scheme: Try to nudge users to try the "unified" build"
This reverts commit 242ffb05a2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-08 10:48:25 +01:00
Matt Caswell
fa22f98f19 Fix building without multiblock support
Not all platforms support multiblock. Building without it fails prior to
this fix.

RT#4396

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 08:52:45 +00:00
Richard Levitte
8a67946e5b Unified - Add the build.info command OVERRIDE, to avoid build file clashes
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:

    SOURCE[libfoo]=foo.c bar.c

    OVERRIDES=bar.o
    BEGINRAW[Makefile(unix)]
    bar.o: bar.c
        $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
    ENDRAW[Makefile(unix)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Richard Levitte
ae4c745075 Unified - Add the build.info command GENERATE, to generate source files
In some cases, one might want to generate some source files from
others, that's done as follows:

    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
    GENERATE[bar.s]=asm/bar.S

The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file.  It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Matt Caswell
8da00a38cd Misc afalg build fixes
Misc afalg build fixes as suggested by Richard Levitte for the latest
Configure changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
7f458a48ff ALG: Add AFALG engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Richard Levitte
6928b6171a Change names of ordinals and libs, libeay => libcrypto and ssleay => libssl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 09:02:33 +01:00
Kurt Roeckx
9829b5ab52 Disable SSLv3 by default
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Kasper <emilia@openssl.org>

MR: #2203
2016-03-04 18:48:06 +01:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Richard Levitte
25004db793 Restore the zlib / zlib-dynamic logic
The proper logic is that both zlib and zlib-dynamic are disabled by
default and that enabling zlib-dynamic would enable zlib.  Somewhere
along the way, the logic got changed, zlib-dynamic was enabled by
default and zlib didn't get automatically enabled.

This change restores the original logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 05:22:22 +01:00
Richard Levitte
2952b9b811 Don't copy from %target to %config so much, see %config as a complement
We copied $target{cflags}, $target{defines} and a few more to %config,
just to add to the entries.  Avoid doing so, and let the build templates
deal with combining the two.

There are a few cases where we still fiddle with %target, but that's
acceptable.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
9c62a279fe Configure - Get rid of the special thread_cflag, replace with thread_scheme
The thread_cflag setting filled a double role, as kinda sorta an
indicator of thread scheme, and as cflags.  Some configs also added
lflags and ex_libs for multithreading regardless of if threading would
be enabled or not.

Instead of this, add threading cflags among in the cflag setting,
threading lflags in the lflag setting and so on if and only if threads
are enabled (which they are by default).

Also, for configs where there are no special cflags for threading (the
VMS configs are of that kind), this makes it possible to still clearly
mention what thread scheme is used.

The exact value of thread scheme is currently ignored except when it's
"(unknown)", and thereby only serves as a flag to tell if we know how
to build for multi-threading in a particular config.  Yet, the
currently used values are "(unknown)", "pthreads", "uithreads" (a.k.a
solaris threads) and "winthreads".

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
8864f0de7b Configure - get rid of the special debug_ and release_ settings
Instead, make the build type ("debug" or "release") available through
$config{build_type} and let the configs themselves figure out what the
usual settings (such as "cflags", "lflags" and so on) should be
accordingly.

The benefit with this is that we can now have debug and release
variants of any setting, not just those Configure supports, and may
also involve other factors (the MSVC flags /MD[d] and /MT[d] involve
both build type and whether threading is enabled or not)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
940a09bad4 Minimize copied config settings
$target{lflags} and $target{plib_flag} were copied to %config for no
good reason.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
98fdbce091 Configure - move the addition of the zlib / libz lib to configs
Configure had the Unix centric addition of -lz when linking with zlib
is enabled, which doesn't work on other platforms.  Therefore, we move
it to the BASE_unix config template and add corresponding ones in the
other BASE_* config templates.  The Windows one is probably incomplete,
but that doesn't matter for the moment, as mk1mf does it's own thing
anyway.

This required making the %withargs table global, so perl snippets in
the configs can use it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
d2b2221a04 Configure - Rename BASE to DEFAULTS and add a few inheritable BASEs
These BASE templates are intended to hold values that are common for
all configuration variants for whole families of configurations.

So far, three "families" are identified: Unix, Windows and VMS, mostly
characterised by the build system they currently use.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
b0b92a5bb5 Configure - Allow CODErefs and ARRAYrefs in configuration setting arrays
This provides for more powerful lazy evaluation and buildup of the
setting contents.  For example, something like this becomes possible:

    defines => [ sub { $config{thisorthat} ? "FOO" : () } ]

Any undefined result of such functions (such as 'undef' or the empty
list) will be ignored.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
b0a1e8bf3e Configure - make the use of environment variables for overrides consistent
We allow some commands to be overriden, but didn't handle that in a
consistent manner.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:46:03 +01:00
Richard Levitte
b756967d28 Make uplink auxiliary source separate from cpuid source
There are cases, for example when configuring no-asm, that the added
uplink source files got in the way of the cpuid ones.  The best way to
solve this is to separate the two.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:45:02 +01:00
Richard Levitte
2e0956ba6d Unified - have configdata.pm depend on a few more things
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-01 06:39:16 +01:00
Richard Levitte
e5ed5f6a59 Remove last remains of old config strings
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-27 21:32:24 +01:00
Richard Levitte
79302211cc Apply default after having checked the given config target is valid
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-27 14:27:25 +01:00
Richard Levitte
cb212f239a Make the table entry printer in Configure aware of ARRAYs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 17:38:39 +01:00
Richard Levitte
a26d8be953 Forgotten change of add() call in Configure
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 16:05:41 +01:00
Richard Levitte
bdcd83e127 Configure - neater looking add() and add_before()
They now default to " " as separator, but that can be overridden by
having a hash with parameters as last argument.  The only currently
recognised parameter is `separator'.

The special separator `undef' will force the result to become a list
rather than a concatenated string.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-26 09:00:25 +01:00
Richard Levitte
4f16039efe Add OPENSSL_PIC back
In the earlier change, where static libraries get built with position
independent code, OPENSSL_PIC was removed by mistake.  This adds it
back.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 20:41:42 +01:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
Richard Levitte
58163021e2 The build files use %disabled, make sure to pass it to them
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 19:26:49 +01:00
Matt Caswell
316fae2a94 Partial revert of 1288f26 and fix for no-async
The commit 1288f26 says that it fixes no-async, but instead seems to break
it. Therefore revert that change and fix no-async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:48:09 +00:00
Richard Levitte
721f9058b3 Clean away $no_dso since with have $disabled{dso}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
00b0d6632b Clean away $no_asm since with have $disabled{asm}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
93e3d3f3ff Clean away $no_rfc3779 since we don't appear to use it at all
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
36a3090904 Clean away $zlib since with have $disabled{zlib}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
22bfe05efd Clean away $no_threads since we have $disabled{threads}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:36:58 +01:00
Richard Levitte
84af1bae68 Clean away $config{no_shared} since we have $disabled{shared}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:36:58 +01:00
Richard Levitte
9e04edf2f3 Expose %disables to the perl fragments in build.info files.
This way, we can use them as conditions instead of relying to more or
less obscure aliases in %config or variables directly in Configure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:33:55 +01:00
Richard Levitte
45b71abe70 Fix a few typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:10:33 +01:00
Richard Levitte
e80381e1a3 Get back "ssl2" as a deprecated disablable option
Preserved for now for those who have scripts with the option
"no-ssl2".  We warn that it's deprecated, and ignore it otherwise.

In response to RT#4330

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 15:42:15 +01:00
Richard Levitte
ae48242c81 Introduce the "pic" / "no-pic" config option
Building shared libraries or not is not the same as building position
independent code or not.  It's true that if you don't build PIC, you
can't build shared libraries.  However, you may very well want to
build only static libraries but still want PIC code.

Therefore, we introduce a new configuration option "pic", which is
enabled by default or explicitely with "enable-pic", or disabled with
"no-pic" or "disable-pic".  Of course, if "pic" is disabled, "shared"
and "dynamic-engine" are automatically disabled as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 14:38:31 +01:00
Richard Levitte
19ab579060 Use $disabled{"dynamic-engine"} internally
We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure.  Let's avoid confusion,
choose one of them and stick to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 14:38:31 +01:00
Richard Levitte
343ec2b083 Build dynamic engines even if configured "no-shared"
Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.

We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl.  This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.

Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
f99f91f121 Misc small fixes.
Better libclean that removes the exact files that have been built,
nothing more and nothing less.

Corrected typo

A couple of editorial changes.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:52:15 +01:00
Richard Levitte
e987f9f271 Let Configure figure out the diverse shared library and DSO extensions
Then it can pass around the information where it belongs.  The
Makefile templates pick it up along with other target data, the
DSO module gets to pick up the information through
crypto/include/internal/dso_conf.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:51:23 +01:00
Richard Levitte
3a55c92bba Rethink the uplink / applink story
Adding uplink and applink to some builds was done by "magic", the
configuration for "mingw" only had a macro definition, the Configure
would react to its presence by adding the uplink source files to
cpuid_asm_src, and crypto/build.info inherited dance to get it
compiled, and Makefile.shared made sure applink.o would be
appropriately linked in.  That was a lot under the hood.

To replace this, we create a few template configurations in
Configurations/00-base-templates.conf, inherit one of them in the
"mingw" configuration, the rest is just about refering to the
$target{apps_aux_src} / $target{apps_obj} in the right places.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:06:54 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Rich Salz
e4ef2e25f1 Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 21:12:30 -05:00
Richard Levitte
4277cf9091 Get conditional priorities right
"or" has lower priority than "||" and works better to have Perl less
confused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 22:23:09 +01:00
David Woodhouse
02f7114a7f RT3628: Allow filenames to be eliminated from compiled library
Although I explicitly don't care about the tinfoil-hat reason given in
the initial opening of RT#3628, that "paths usually contain private
information", there *are* situations where it's useful to eliminate the
filenames from the compiled binary.

The two reasons we do care about in the context of firmware such as EDK2
are that it allows for a smaller footprint, and it is also a necessary
component of a binary-reproducible build.

To that end, introduce OPENSSL_FILE and OPENSSL_LINE macros, defining
them to __FILE__ and __LINE__ respectively in the normal case, but to
"" and 0 when OPENSSL_NO_FILENAMES is set.

This is mostly a naïve invocation of
 $ sed 's/__\([FL]I[NL]E\)__/OPENSSL_\1/g' -i `git grep -l __LINE__`
but with a few instances change to just print the function name instead
(although those probably need to die anyway) and test cases left untouched.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 14:19:46 -05:00
Richard Levitte
95b2ebdf99 When someone configures an out-of-source build, switch to unified
For example, this works instead of giving a big error message (note
the lack of '--unified'):

    mkdir ../_build
    (cd ../_build/; ../openssl-src/config; make)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-17 20:09:33 +01:00
Richard Levitte
d918f9cb2d Fix check of -DOPENSSL_USE_APPLINK in $config{cflags}
The previous fix wasn't right.

Also, change all (^|\s) and (\s|$) constructs to (?:^|\s) and (?:\s|$).
Perl seems to like that better.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-17 20:07:06 +01:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
Rich Salz
dba3177745 Remove JPAKE
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-17 09:46:10 -05:00
Richard Levitte
432c7a50f2 Check for OPENSSL_USE_APPLINK in $config{cflags} as well
Macro definitions "should" be found in $config{defines}, but some
configs haven't transfered macro definitions from their 'cflags'
settings (which isn't mandatory anyway), so check both places.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:49:29 +01:00
Richard Levitte
a583fc45fa Don't check for gcc or clang on VMS
This check is meaningless on VMS and only produce an error because the
underlying shell (DCL) doesn't understand sh syntax such as '2>&1'.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:23:47 +01:00
Richard Levitte
7c55e22c69 Lowercase configuration arguments on VMS
Depending on user preferences, Configure might get something like
--PREFIX=blah just as well as --prefix=blah, or "SHARED" just as well
as "shared".  On VMS, let's therefore lowercase at least the portion
of the argument before a possible equal sign.

For good measure, we lowercase the arguments to be checked in
config.com as well.  The original argument is sent on to Configure,
however.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:10:06 +01:00
Richard Levitte
ef8ca6bd54 Make the use of mdebug backtrace a separate option
To force it on anyone using --strict-warnings was the wrong move, as
this is an option best left to those who know what they're doing.

Use with care!

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-14 17:22:42 +01:00
Rich Salz
8bccbce52a Reformat warn variables for easier editing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 12:39:24 -05:00
Richard Levitte
63994098d5 Rethink the method to place user cflags last
The previous method had some unfortunate consequences with
--strict-warnings.  To counteract, revert part of the previous change
and move down the block of code that adds the user cflags and defines.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-13 14:06:40 +01:00
Richard Levitte
3c65577f1a Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix
INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.

The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 21:54:07 +01:00
Rich Salz
2b91ec7575 Put user flags last for priority.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 15:42:33 -05:00
Richard Levitte
04f171c096 Remove last chomps
In the previous commit to change all chomp to a more flexible regexp,
Configure was forgotten.  This completes the change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-12 13:04:32 +01:00
Rich Salz
22e3dcb780 Remove TLS heartbeat, disable DTLS heartbeat
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:57:26 -05:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Richard Levitte
64c443e3f0 Add support for shared_rcflag, useful for windres (Cygwin and Mingw)
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:50:01 +01:00
Richard Levitte
68ab559a50 Modernise the mingw cflags and ldflags
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:50:01 +01:00
Richard Levitte
e737d7b197 Unified build: Keep track of generated header files
If someone runs a mixed unixmake / unified environment (the unified
build tree would obviously be out of the source tree), the unified
build will pick up on the unixmake crypto/buildinf.h because of
assumptions made around this sort of declaration (found in
crypto/build.info):

    DEPENDS[cversion.o]=buildinf.h

The assumption was that if such a header could be found in the source
tree, that was the one to depend on, otherwise it would assume it
should be in the build tree.

This change makes sure that sort of mix-up won't happen again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:48:32 +01:00
Richard Levitte
d20bb611d9 Remove the "make depend" message
It's not necessary for a pristine source, and a developer that makes
changes usually knows what to do.

Also, there was this mechanism that would do a "make depend"
automatically which hasn't been used for so many years.  Removed as
well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:47:36 +01:00